package product

import (
	session2 "OnlineRetailers/controllers/admin/session"
	"OnlineRetailers/controllers/admin/sqlInject"
	"OnlineRetailers/controllers/errorDeal"
	"OnlineRetailers/models"
	"OnlineRetailers/models/Admin"
	"OnlineRetailers/models/Admin/resMes"
	error2 "OnlineRetailers/models/errorDeal"
	"github.com/astaxie/beego"
	"github.com/astaxie/beego/orm"
)

type SearchProduct struct {
	beego.Controller
}

func (c *SearchProduct) SearchProduct() {
	defer func() {
		c.Ctx.Output.Header("Access-Control-Allow-Origin", "*")
		c.Ctx.Output.Status = 200
		c.ServeJSON()
	}()
	var addr = "/Product/SearchProduct"
	res := resMes.GetProductDetaileds{}
	productDetailed := []*Admin.ProductDetailed{}
	log := &error2.Log{}
	mes := &error2.Mes{}
	var sql string
	var err error
	o := orm.NewOrm()
	filter, err := c.GetInt("filter", 0)
	if err != nil {
		c.Data["json"] = errorDeal.ErrMess(log, "400", err, addr, err.Error())
		return
	}
	add, err := c.GetInt("add", 0)
	if err != nil {
		c.Data["json"] = errorDeal.ErrMess(log, "400", err, addr, err.Error())
		return
	}
	//fmt.Println(add)
	begin, err := c.GetInt("begin", 0)
	if err != nil {
		c.Data["json"] = errorDeal.ErrMess(log, "400", err, addr, err.Error())
		return
	}
	key := c.GetString("key")
	if key == "" {
		c.Data["json"] = errorDeal.ErrLightMess(mes, "401", "keyNull")
		return
	}
	keyClass := c.GetString("keyClass")

	if add == 0 {
		//fmt.Println(begin)
		err = session2.CheckSession(c.Ctx.Request.Header["Session"], 1)
		if err != nil {
			c.Data["json"] = errorDeal.ErrMess(log, "400", err, addr, err.Error())
			return
		}
	}
	cond := orm.NewCondition()
	cond1 := cond.Or("name__icontains", key)
	if add == 0 {

		cond1 = cond.Or(keyClass+"__icontains", key)
		_, err = o.QueryTable("product_detailed").SetCond(cond1).All(&productDetailed)
		//sql := "select * from `product_detailed` where `" + keyClass + "` LIKE '%" + key + "%'"
		//_, err = o.Raw(sql).QueryRows(&productDetailed)
	} else if add == 1 {

		cond1 = cond.Or("name__icontains", key)
		_, err = o.QueryTable("product_detailed").SetCond(cond1).All(&productDetailed)
		//sql := "select `name` from `product_detailed` where `name` LIKE '%" + key + "%'"
		//_, err = o.Raw(sql).QueryRows(&productDetailed)
	} else {
		if filter == 0 {
			//cond1 = cond.Or("name__icontains", key)
			SqlInject := sqlInject.FilteredSQLInject(key)
			if SqlInject {
				c.Data["json"] = errorDeal.ErrLightMess(mes, "400", "疑似sql注入")
				return
			}
			sql = "select * from `product_detailed` where `name` LIKE '%" + key + "%' or `notes` LIKE '%" + key + "%' order by `product_id` desc limit ?,?"

		} else {
			sql = "select * from `product_detailed` where `name` LIKE '%" + key + "%' or `notes` LIKE '%" + key + "%' order by `" + models.FilterList[filter-1][0] + "` " + models.FilterList[filter-1][1] + " limit ?,?"

		}
		_, err = o.Raw(sql, begin, begin+models.DateLengthByProduct).QueryRows(&productDetailed)
	}

	if err != nil {
		c.Data["json"] = errorDeal.ErrMess(log, "400", err, addr, err.Error())
		return
	}

	res.ProductDetailed = productDetailed
	res.Code = "200"
	c.Data["json"] = res

}
